Data Safety & Security

Secure uninterrupted service

Kessler Topaz is dedicated to providing secure, uninterrupted service to our clients and has implemented numerous measures to safeguard client transaction data. Highlights are as follows:

  • Kessler Topaz has, and complies with, an ISO/IEC 27000-series based Information Security Framework.

  • Kessler Topaz recently received a clean SOC 2 Type I report from the auditing firm Kirkpatrick Price. The audit report is available upon request.

  • Kessler Topaz maintains an in-house IT department consisting of seven employees and led by Head of IT Andrew Wells, who alone has over 20 years of experience in the field.

  • Kessler Topaz follows industry standards to protect both the physical security of our systems and network access to client transaction data. All client transactional data is hosted in our secure Azure environment. Client transaction data is encrypted both in transit and at rest, and user-level access controls are in place.

  • Each client's transaction data is logically separated from that of all other clients and is only accessible by Kessler Topaz’s 20-member, internal Portfolio Monitoring & Claims Administration Department.

  • Kessler Topaz has designed a cutting-edge BI environment secured on Microsoft Azure. SQL provides the backend databases, and the front-end application is powered by Qlik software solutions and Microsoft Power Apps.

  • Kessler Topaz provides an SFTP-enabled, FIPS 140-2 compliant server for our clients to transfer data securely. Kessler Topaz’s public PGP key is provided to clients to add an additional layer of encryption to transactional data.

  • Kessler Topaz regularly updates procedures and tests our ability to maintain services during and after disasters in order to minimize any impact on our clients. Transactional data is regularly backed up, and all servers and data are replicated from Microsoft’s US-East location to Microsoft’s US-West location using the Microsoft Azure Site Recovery service.

  • To ensure our standards are met and to provide the most secure environment for our clients’ transaction data, Kessler Topaz partners with an outside security firm, Layer 8 Security. Layer 8 enhances our internal efforts with numerous services: Security Configuration Benchmarking, Semi-Annual Internal Vulnerability Assessment, Monthly External Vulnerability Assessment, SOC 2 Control Monitoring, SIEM (Security Information and Event Management), Phishing Simulation Testing, Annual Information Security Awareness Training, and Consulting.